Description of problem: The "_rails_session" cookie created from the console is not marked as secure. This could allow the cookie to be transmitted over non-secure connections. As openshift (by default) requires an https connection, this isn't too much of an issue. However, server-side misconfiguration could lead to the cookie, along with the CSRF token within, to be compromised. Version-Release number of selected component (if applicable): 2.1 How reproducible: Always
I could have sworn this was already in progress. Alright, well, we should do it. Should not be hard.
*** This bug has been marked as a duplicate of bug 1114111 ***